You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Silo <si...@falcon.mychamp.com> on 2015/09/15 17:53:23 UTC
Stale Roles when using JDBC realm and hazelcast cache
I've configured a salted JDBC realm and a hazelcast cache. It seems to be
working just fine with one exception — newly defined roles in the DB are not
recognized by shiro. My guess is that this has something to do with the
subject/session/role being cached but not being updated when the DB changes.
I would like to make DB changes outside of the shiro app. What is the best
way to insure my cache is updated with changes made in the DB?
My steps are this:
1) Create a new session by logging in using a user's credentials.
2) Ask shiro if the user has a defined role. It answers that the user does
indeed have the role.
3) Add a new role for that user in the DB.
4) Ask shiro if the user has the new role. It answers that the user does not
have the role.
Restarting the shiro app will fix the problem.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Stale-Roles-when-using-JDBC-realm-and-hazelcast-cache-tp7580759.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Stale Roles when using JDBC realm and hazelcast cache
Posted by Brian Demers <br...@gmail.com>.
It is either managed by the application directly, or if an external change,
the user logs out and in again
On Wed, Sep 16, 2015 at 2:21 PM, Silo <si...@falcon.mychamp.com> wrote:
> Anyone using an LDAP backend along with a cache must have the same problem.
> When changes are made in the LDAP service, how is the cached kept in sync?
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Stale-Roles-when-using-JDBC-realm-and-hazelcast-cache-tp7580759p7580763.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
Re: Stale Roles when using JDBC realm and hazelcast cache
Posted by Silo <si...@falcon.mychamp.com>.
Anyone using an LDAP backend along with a cache must have the same problem.
When changes are made in the LDAP service, how is the cached kept in sync?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Stale-Roles-when-using-JDBC-realm-and-hazelcast-cache-tp7580759p7580763.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Stale Roles when using JDBC realm and hazelcast cache
Posted by Brian Demers <br...@gmail.com>.
You could use CachingRealm.clearCache, it is protected, but that could be
an option if you are subclassing
https://github.com/apache/shiro/blob/1.2.x/core/src/main/java/org/apache/shiro/realm/CachingRealm.java#L164
You could also access the CacheManager directly, and clear all the cache,
but that is a bit heavy handed.
On Tue, Sep 15, 2015 at 11:53 AM, Silo <si...@falcon.mychamp.com> wrote:
> I've configured a salted JDBC realm and a hazelcast cache. It seems to be
> working just fine with one exception — newly defined roles in the DB are
> not
> recognized by shiro. My guess is that this has something to do with the
> subject/session/role being cached but not being updated when the DB
> changes.
> I would like to make DB changes outside of the shiro app. What is the best
> way to insure my cache is updated with changes made in the DB?
>
> My steps are this:
> 1) Create a new session by logging in using a user's credentials.
> 2) Ask shiro if the user has a defined role. It answers that the user does
> indeed have the role.
> 3) Add a new role for that user in the DB.
> 4) Ask shiro if the user has the new role. It answers that the user does
> not
> have the role.
>
> Restarting the shiro app will fix the problem.
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Stale-Roles-when-using-JDBC-realm-and-hazelcast-cache-tp7580759.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>